How do I modify the for-production infrastructure-live example for a single-account setup? Do I need an accounts.hcl? #21
This message was extracted from a discussion that originally took place in Gruntwork Community Slack. Names and URLs have been removed where appropriate.

From a customer

Hey guys,

There was a technical issue I was wondering about:

The reason I ask is because it seems weird for me to save what my account numbers are (which feels like state), in a code repo. It feels weird both on a security side (but I'm a novice there) and also from a separation of code and data side. What are your recommendations?
From a grunt

The `accounts.hcl` is actually a guard rail to ensure you don’t accidentally touch the wrong account. Since there is no way for terragrunt to know from the code if you are authenticated to the right/intended account, we need to tell it which account which folders should apply to.

That is, `terragrunt` uses this information to construct the `aws` provider blocks in a way that tells terraform to make sure when one applies to the `dev` account, they are actually authenticated to the `dev` account.

This is also used in the infra CI/CD pipeline in a similar manner, to ensure the CI server authenticates to the right account (since assume role requires knowing the ARN, which requires knowing the account ID).
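
A sketch of the guard rail described in the reply, added here as an example; it is not part of the original discussion and not Gruntwork's own code. The layout of `accounts.hcl`, the folder-to-account convention, the region and the account IDs are all assumptions made for illustration.

```hcl
# ---- accounts.hcl (repository root) ----
# Assumed layout: a map of account name to AWS account ID.
# The IDs are constructed placeholders, not real accounts.
locals {
  account_ids = {
    dev  = "111111111111"
    prod = "222222222222"
  }
}

# ---- terragrunt.hcl (repository root, included by every module) ----
locals {
  # Load the account map from the nearest accounts.hcl above the module.
  accounts = read_terragrunt_config(find_in_parent_folders("accounts.hcl"))

  # Assumption: the first path segment below the root names the account,
  # e.g. dev/us-east-1/vpc -> "dev".
  account_name = split("/", path_relative_to_include())[0]
  account_id   = local.accounts.locals.account_ids[local.account_name]
}

# Write a provider.tf into each module before Terraform runs.
generate "provider" {
  path      = "provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
provider "aws" {
  region = "us-east-1" # assumed region

  # Terraform stops with an error if the credentials in use belong to
  # any account other than the one this folder is mapped to.
  allowed_account_ids = ["${local.account_id}"]
}
EOF
}
```

With a single account the map has one entry and every folder resolves to it; the `allowed_account_ids` check still rejects credentials for any other account.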